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System for protected storage aad management in a TTP server. 



The invention relates to a system for protected storage a nd 
management in a TTP server [TTP = Trusted Third Party] of copies 
of digital files transmitted, by way of a transmission channel, 
from a first to a second user. 

The invention relates to, in other words, a timeless key 
and storage system for the benefit of the long-term storage of 
electronically exchanged {digitally protected) information and 
protectedly making available (secure retrieving) the stored data. 
The few known systems have the following drawbacks: 

1) Current protection techniques have a restricted hackability 
duration guarantee. 

2) Limited protection guarantees prior to, during and after 
long-term storage. 

3) Much, storage space and effort are required for key 
mana ge men t . 

4) Protected long-term storage and the associated key and 
storage management is now either not regulated or very 
complex in setup. 

5) Due to the ever changing software and hardware, it is very 
difficult to guarantee electronic timelessness . 

B. SUMMARY OF THE INVENTION 

The object of the invention is to overcome said drawbacks. 
For this purpose, the invention provides for a system having 
means for carrying out the functionalities: "Secure Archiving", 

"Re-encryption" and "Secure Retrieval", which will be discussed 
below. In this connection, the optional items "Digital Sign" and 

"Time Stamp" will be discussed separately. 

■Secure Archiving" 

If, according to the current state of the art, a file is 
transmitted from a first user to a second user in a safe way, the 
file is enciphered with a symmetrical session key, which in its 
turn is enciphered with the public key of the second user. Said 
second user may decipher the session key with his private key and 
decipher the file itself with the session key deciphered in this 
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System for protected storage and management in a TTP server. 

BACKGROUND OF THE INVENTION 

The invention relates to a system for protected storage and 
management in a TTP server [TTP = Trusted Third Party] of copies 
of digital files transmitted, by way of a transmission channel, 
from a first to a second user. 

The invention relates to, in other words, a timeless key 
and storage system for the benefit of the long-term storage of 
electronically exchanged (digitally protected) information and 
protectedly making available (secure retrieving) the stored data. 

The few known systems have the following drawbacks : 

1) Current protection techniques have a restricted hackability 
duration guarantee. 

2) Limited protection guarantees prior to, during and after 
long-term storage. 

3) Much storage space and effort are required for key 
management . 

4) Protected long-term storage and the associated key and 
storage management is now either not regulated or very 
complex in setup. 

5) Due to the ever changing software and hardware, it is very 
difficult to guarantee electronic timelessness . 

B. SUMMARY OF THE INVENTION 

The object of the invention is to overcome said drawbacks. 
For this purpose, the invention provides for a system having 
means for carrying out the functionalities: "Secure Archiving", 
"Re-encryption" and "Secure Retrieval", which will be discussed 
below. In this connection, the optional items "Digital Sign" and 
"Time Stamp" will be discussed separately. 



"Secure Archiving" 

If, according to the current state of the art, a file is 
35 transmitted from a first user to a second user in a safe way, the 

file is enciphered with a symmetrical session key, which in its 
turn is enciphered with the public key of the second user. Said 
second user may decipher the session key with his private key and 
decipher the file itself with the session key deciphered in this 
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According to the invention, the session key is also 
enciphered by the first user with the public key of an "in-line" 
TTP server (i.e., included in the transmission channel between 
the first and second users) , which TTP server deciphers the 
session key received with his private key. Thereafter, the TTP 
server enciphers the deciphered session key with a "public" 
storage key. The session key enciphered with said public storage 
key and the file enciphered with the session key are subsequently 
stored in a storage medium of the TTP. 

It should be noted that above and below there is spoken of 
public and private keys. These are generally known. In general, 
a public and a private key constitute an asymmetric pair of keys . 
If a file or a code is enciphered with the public key of an 
asymmetric pair of keys, said file or code may be deciphered only 
with the help of the associated private key and vice versa. In 
general, the public keys are available to "the public", e.g., by 
way of a publicly accessible data base, such as www.pgp.com. In 
the present application, it is assumed that the users and the TTP 
each dispose of a pair of keys, each consisting of a public and a 
private key, and in particular intented for protecting the mutual 
data exchange of the files and codes. In addition, the TTP 
disposes of a pair of keys which is used within the TTP only; the 
"public" and private keys serve as protected storage or recovery 
("secure retrieval"), as the case may be, of files and codes. 
The public storage key is not, as is normally the case for public 
keys, put at the disposal of the public. 

"Re-encryption" 

By way of "periodic maintenance" - from security 
considerations - the TTP server may at regular points in time 
store the file once again in the storage medium. For this 
purpose, the session key with which the file was enciphered is 
first recovered by deciphering - with the private storage key - 
the stored (enciphered) session key. Subsequently, the 
enciphered file stored in the storage medium is deciphered with 
the recovered session key. 

The TTP server then generates a new asymmetric pair of 
storage keys, consisting of a new public storage key (which is 
not made available outside the TTP) and a new private storage 
key, and a new version of the symmetrical session key, whereafter 
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the TTP enciphers the deciphered file with the new session key 
and stores it in the storage medium. 

The TTP also enciphers the new session key with the new 
public storage key and stores said enciphered session key in the 
storage medium. 

"Secure Retrieval" 

For protected recovery of the stored file, and transmission 
thereof to the first and/or second user, the symmetrical session 
key is recovered from the storage medium by deciphering, with the 
private storage key, the stored enciphered session key. The 
recovered session key is subsequently enciphered with the current 
public key of the first or second user, as the case may be, and 
transmitted to said user by way of the transmission channel, 
together with a copy of the file stored in the storage medium, 
enciphered with the session key. After having received the 
enciphered session key, the user may recover the session key 
therefrom by deciphering with his private key. Subsequently, the 
user may decipher the file enciphered with the session key using 
the recovered session key. 

"Digital Sign" 

The public key of the first user may - as is well-known - 
be used to verify a digital signature of the file. A problem 
arises if - which frequently occurs - the first user at a certain 
point in time, after the file has been stored in the TTP server, 
generates a new pair of keys (comprising a public and a private 
key) and discontinues the old one. For this reason, it is of 
importance to store the (original) public key of the first user 
in the TTP server, since only said original key may be used for 
verifying the digital signature of the stored, later retrievable 
file. 

For this case, the TTP server, after having received the 
enciphered file, also enciphers the - at that point in time 
publicly available - public key of the first user, with the 
public storage key, and stores said enciphered public key in the 
storage medium. 

Periodically, the TTP server — as "periodical maintenance- 
— deciphers the enciphered (original) public key, stored in the 
Storage medium, of the first user having the private storage key. 
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and enciphers the deciphered public key of the first user having 
the newly generated public storage key, and stores said freshly 
enciphered key in the storage medium. 

The public key of the first user may ■ — upon retrieving the 
stored file — be recovered from the storage medium by 
deciphering, with the private storage key, said stored key. The 
public key of the first user recovered in this manner is 
subsequently enciphered with the — at that point in time 
publicly available — public key of the retrieving first or 
second user, and transmitted by way of the transmission channel. 
After having received said enciphered public key, the user may 
recover the original public key of the first user by deciphering 
his current private key; subsequently, the digital signature of 
the recovered file may be verified using the recovered original 
public key of the first user. 



"Time Stamp" 

If so desired, the TTP server, after the enciphered file 
has been received and stored, may generate a time stamp and store 

20 it, linked to the stored file and enciphered with the public 

storage key, in the storage medium. In the event of retrieving 
the stored file by the first or second user, the time stamp is 
deciphered and subsequently enciphered with the public key valid 
for said user and transmitted to the user. The user may decipher 

25 the enciphered time stamp with his current private key. 



DESCRIPTION OF THE FIGURES 

Below, the invention is illustrated in further detail by 
reference to several figures. Figures 1, 2 and 3 illustrate the 
30 functions "Secure Archiving", "Re-encryption" and "Secure 

Retrieval", including the items "Digital Sign" and the "Time 
Stamp" . 



FIG. 1: "Secure Archiving" 

35 A file Txt is transmitted from a first user A to a second 

user B after having been enciphered with a symmetical session key 
SesKey. Said session key is enciphered with the public key 
PubKeyB of the second user. The latter may decipher the session 
key with his private key SecKeyB and the file itself with the 

40 deciphered session key. 



WO 01/01629 



5 



PCT/EP00/05642 



The session key is also enciphered by the first user with 
the public key of the TTP server PubKeyTTP, which, after having 
received it, deciphers said session key with his private key 
SecKeyTTP. Thereafter the TTP server enciphers the deciphered 
5 session key with a "public" storage key PubStorKey of the TTP. 

The (transmission) keys of the users A and B each form an 
asymmetrical pair of keys, KeyPairA and KeyPairB, respectively, 
consisting of PubKeyA and SecKeyA, and PubKeyB and SecKeyB, 
respectively. The TTP uses the pair of keys KeyPairTTP, 

10 consisting of PubKeyTTP and SecKeyTTP. Finally, for the 

protected storage of an asymmetrical pair of keys StorKeyPair, 
consisting of the keys PubStorKey and SecStorKey; contrary to 
the preceding public keys, PubStorKey nor SecStorKey is publicly 
available, but is used exclusively within the TTP. 

15 The session key (SesKey) PubStorKey enciphered with the 

public storage key PubStorKey and the file (Txt) SesKey enciphered 
with the session key SesKey are subsequently stored in the 
storage medium DB of the TTP. 

20 "Digital Sign" 

The public key PubKeyA of the first user A may be used to 
verify a digital signature DigSign of the file Txt. In this 
case, the TTP server, after having received the enciphered file 
(Txt) SesKey, also enciphers the - at that point in time publicly 
25 available - public key PubKeyA from the first user A, with the 

public storage key PubStorKey, and stores said enciphered public 
key (PubKeyA) PubStorKey in the storage medium DB. 

"Time Stamp" 

30 After having received and stored the enciphered file 

(Txt) SesKey, the TTP server may generate a time stamp TStamp and 
store it, after enciphering with the public storage key 
PubStorKey and linked to the stored file, in the storage medium 
DB as (TStamp) PubStorKey. 

35 

FIG. 2: "Re-encryption" 

As "periodical maintenance n , the TTP server deciphers the 
enciphered file (Txt) SesKey stored in the storage medium with the 
session key SesKey, which for that purpose is recovered by 
40 deciphering the stored session key (SesKey) PubStorKey with the 
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private storage key SecStorKey. The TTP server subsequently 
generates a fresh pair of storage keys StorKeyPair, comprising a 
new "public" storage key PubStorKey and a new private storage 
key SecStorKey' , as well as a new version of the symmetrical 
session key SesKey 1 . The TTP subsequently enciphers the 
deciphered file Txt with the new session key SesKey* and stores 
the file (Txt) SesKey" enciphered in this manner in the storage 
medium DB. 

The TTP also enciphers the new session key with the new 
public storage key PubStorKey and stores the session key 
(SesKey'} PubStorKey' enciphered in this manner in the storage 
medium DB. 

"Digital Sign" 

During the periodical maintenance, the TTP server also 
deciphers the enciphered public key (PubKeyA) PubStorKey stored in 
the storage medium of the first user with the private storage key 
SecStorKey, and subsequently enciphers the deciphered public key 
PubKeyA with the newly generated public storage key PubStorKey' 
and stores the public key (PubKeyA) PubStorKey ' enciphered in this 
manner in the storage medium. 

"Time Stamp" 

During the periodical maintenance, the TTP server also 
deciphers the enciphered time stamp (TS tamp) PubStorKey stored in 
the storage medium with the private storage key SecStorKey, and 
subsequently enciphers the deciphered time stamp with the newly 
generated public storage key PubStorKey' and stores the time 
stamp (TS tamp) PubStorKey' enciphered in this manner in the 
storage medium. 

FIG. 3: "Secure Retrieval" 

For protected recovery of the file Txt, and the 
transmission thereof to the first and second users A and B, 
respectively, the symmetrical session key SesKey is recovered 
from the storage medium by deciphering, with the private storage 
key SecStorKey, the stored enciphered session key 
(SesKey) PubStorKey. The recovered session key SesKey is 
subsequently enciphered with the then current public key PubKeyA" 
or PubKeyB", as the case may be, from the querying first or 
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second user A or B, as the case may be, and transmitted to said 
user by way of the transmission channel, together with a copy of 
the file stored in the storage medium, with the user, after 
having received the enciphered session key (SesKey) PubKeyA- or 
(SesKey) PubKeyB" , being capable of recovering the session key 
therefrom by deciphering , with his private key SecKeyA- or 
SecKeyB', as the case may be, and subsequently being capable of 
deciphering the file (Txt) SesKey using the recovered session key. 

"Digital Sign" 

The original public key PubKeyA of the first user, 
necessary for verifying the digital signature of the recovered 
file, may be recovered from the storage medium by deciphering, 
with the private storage key SecStorKey, the stored public key 
(PubKeyA) PubStorKey of the first user enciphered with the public 
storage key. The deciphered public key PubKeyA of the first user 
recovered in this manner is subsequently enciphered with the 
current public key PubKeyA" or PubKeyB~ , as the case may be, of 
the retrieving first or second user A or B, as the case may be. 
and transmitted to the user by way of the transmission channel. 
After having received said enciphered public key 
(PubKeyA) PubKeyA- or (PubKeyA) PubKeyB' , as the case may be, the 
user may recover the original public key PubKeyA of the first 
user therefrom by deciphering, with his current private key 
SecKeyA ~ or SecKeyB", as the case may be. Subsequently, the 
digital signature DigSign of the file Txt may be verified using 
the recovered public key PubKeyA of the first user. 

It should be noted that it is preferable to - otherwise 
than is shown in FIG. 3 - not transmit the digital signature 
DigSign unencipheredly to the first or second user, as the case 
may be, but enciphered with the public key of user A or B, as the 
case may be: instead of "DigSign", the TTP server then transmits 
" (DigSign) PubKeyA" or " (DigSign) PubKeyB"", as the case may be. 
At the user's side, the digital signature may be recovered by 
deciphering, with the private keys of A and B, SecKeyA and 
SecKeyB, respectively. 

"Time Stamp" 

When the stored file is retrieved by the first or second 
user, the time stamp is first retrieved by deciphering 
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(TStamp) PubStorKey with the private storage key SecStorKey. The 
recovered time stamp is subsequently enciphered with the user's 
current public key PubKeyA' or PubKeyB* , as the case may be, and 
transmitted to said user. Thereafter, the user may decipher the 
enciphered time stamp (TStamp) PubKeyA' or (TStamp) PubKeyB' , as 
the case may be, with his current private key SecKeyA' or 
SecKeyB" , as the case may be. 
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CLAIMS 



1. System for protectedly storing and managing, in a TTP 
server, copies of digital files which are transmitted, by way of 

5 a transmission channel, from a first to a second user, 

characterised in that 

a file (Txt) is transmitted from the first user (A) to a 
second user (B) after having been enciphered with a 
symmetrical session key (SesKey) , which session key is 

10 enciphered using the public key (PubKeyB) of a first 

asymmetrical pair of keys (KeyPairB) associated with the 
second user, which second user, after having received it, 
may decipher the session key using the private key 
(SecKeyB) of said first asymmetrical pair of keys 

15 (KeyPairB) and subsequently may decipher the file using the 

session key deciphered in this manner, the session key 
(SesKey) also being enciphered by the first user (A) using 
the public key (PubKeyTTP) of a second asymmetrical pair of 
keys (KeyPairTTP) associated with the TTP server, which TTP 

20 server, after having received it, deciphers said session 

key using the private key (SecKeyTTP) from said second 
asymmetrical pair of keys (KeyPairTTP) , whereafter the TTP 
server enciphers the deciphered session key (SesKey) using 
the public key of a third asymmetrical pair of keys 

25 (StorKeyPair) , hereinafter to be referred to as public 

storage key (PubStorKey) , and stores the session key 
( (SesKey) PubStorKey) enciphered with said storage key, 
together with the file ( (Txt) SesKey) enciphered with the 
session key (SesKey) , in a storage medium (DB) . 

30 

2 . System according to claim 1 , characterised in that , 
periodically, 

the TTP server deciphers the enciphered file ( (Txt) SesKey) 
stored in the storage medium with the session key (SesKey) , 
35 which for that purpose is recovered in advance by 

deciphering the stored enciphered session key 
( (SesKey) PubStorKey) with the private key of the third pair 
of keys (StorKeyPair) , hereinafter to be referred to as the 
private storage key (SecStorKey) ; 
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the TTP server subsequently generates a new version of the 
third pair of keys, comprising a new public storage key 

(PubStorKey') and a new private storage key (SecStorKey • ) , 
and a new version of the symmetrical session key (SesKey'), 
whereafter the TTP enciphers the deciphered file (Txt) with 
the new session key (SesKey 1 } and stores the file 

( (Txt) SesKey ' ) enciphered in this manner in the storage 
medium (DB) ; 

the TTP server enciphers the new session key (SesKey') with 
the new public storage key (PubStorKey 1 ) and stores the 
session key ( (SesKey ') PubStorKey 1 ) enciphered in this 
manner in the storage medium (DB) . 

3. System according to claim 1, characterised in that, for 
protected recovery of the file (Txt) and transmission thereof to 
the first user (A) or the second user (B) , as the case may be, 
the symmetrical session key (SesKey) is recovered from the 
storage medium by deciphering, with the private storage key 
(SecStorKey) , the stored enciphered session key 

( (SesKey) PubStorKey) , whereafter the recovered session key 
(SesKey) is subsequently enciphered with the current public key 
{PubKeyA' or PubKeyB 1 , as the case may be) of the first or second 
user (A or B, as the case may be) , and is transmitted to the user 
by way of the transmission channel, together with a copy of the 
file ( (Txt) SesKey) stored in the storage medium, with the user, 
after having received the enciphered session key 

( (SesKey) PubKeyA' or (SesKey) PubKeyB ' , as the case may be), being 
capable of recovering the session key therefrom by deciphering 
using the user's private key (SecKeyA' or SecKeyB' , as the case 
may be) , and subsequently being capable of deciphering the 
enciphered file ( (Txt) SesKey) using the recovered session key. 

4. System according to claim 1, the public key (PubKeyA) of 
the first user (A) being used to verify a digital signature 
(DigSign) of the file (Txt) , characterised in that the TTP 
server, after having received the enciphered file ( (Txt) SesKey) , 
also enciphers the then current public key (PubKeyA) of the first 
user (A) using the public storage key (PubStorKey) , and stores 
said enciphered public key { (PubKeyA) PubStorKey) in the storage 
medium (DB) . 



WO 01/01629 



11 



PCT/EPOO/05642 



5. System according to claim 4, characterised in that, 
periodically, 

the TTP server deciphers the enciphered public key 

(PubKeyA) of the first user stored in the storage medium 
with the private storage key (SecStorKey) ; 
the TTP server subsequently generates a new version of the 
third pair of keys, comprising a new public storage key 

(PubStorKey") and a new private storage key (SecStorKey'); 
the TTP server enciphers the deciphered public key 

(PubKeyA) of the first user with the new public storage key 

(PubStorKey 1 ) and stores said public key 

( (PubKeyA) PubStorKey' ) , enciphered in this manner, in the 
storage medium. 

6 . System according to claim 4 , characterised in that the 
public key (PubKeyA) of the first user is recovered from the 
storage medium by deciphering, with the private storage key 
(SecStorKey) , the stored enciphered public key 

( (PubKeyA) PubStorKey) of the first user, 

that said original public key (PubKeyA) recovered in this manner 
is subsequently enciphered with the current public key (PubKeyA 1 
or PubKeyB', as the case may be) of the first or second user (A 
or B, as the case may be) , and is transmitted by way of the 
transmission channel to the first or second user, as the case may 
be, with the user, after having received said enciphered public 
key { (PubKeyA) PubKeyA' or (PubKeyA) PubKeyB' , as the case may be) 
being capable of recovering the original public key (PubKeyA) of 
the first user therefrom by deciphering with his current private 
key (SecKeyA' or SecKeyB', as the case may be), and subsequently 
being capable of verifying the digital signature (DigSign) of the 
file (Txt) using the original public key (PubKeyA) of the first 
user recovered in this manner. 

7. System according to claim 6, characterised in that the 
digital signature (DigSign) is enciphered with the current public 
key (PubKeyA 1 or PubKeyB', as the case may be) of the first or 
second user (A or B, as the case may be) , and is transmitted to 
said first or second user, as the case may be, whereafter the 
receiving user recovers the digital signature by deciphering the 
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received, enciphered digital signature { (DigSign) PubKeyA' or 
(DigSign) PubKeyB ■ , as the case may be) with his private key 
(SecKeyA' or SecKeyB ' , as the case may be) . 

8. System according to claim 1, characterised in that the TTP 
server, after having received the enciphered file ( (Txt) SesKey) 
generates a time stamp {TStamp) and stores it, linked to the 
stored file and enciphered with the public storage key 
(PubStorKey) , in the storage medium (DB) . 

9. System according to claim 8, characterised in that, in the 
event of retrieving the stored file by the first or second user 
(A or B, as the case may be) the enciphered time stamp 

( (TStamp) PubStorKey) is recovered by deciphering with the private 
storage key (SecStorKey) , the recovered time stamp is 
subsequently enciphered with the current public key (PubKeyA' or 
PubKeyB', as the case may be) for the querying user, and is 
transmitted to said user, whereafter the user may decipher the 
enciphered time stamp ( (TStamp) PubKeyA' or (TStamp) PubKeyB ' , as 
the case may be) with the private key (SecKeyA' or SecKeyB' , as 
the case may be) current for said user. 
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